AMENDMENTS TO THE CLAIMS

1. (Previously presented) A system for communicating over a network having a
plurality of secured users utilizing multi-level network security devices and a plurality of
unsecured users employing no network security devices, said system comprising:

an interface unit configured to send a message from a first user;

a first multi-level network security device configured to:
intercept said message from the first user, and
discard said message if said message violates security parameters associated with
said interface unit,

wherein in a first mode, the first multi-level network security device is configured
to send said message to a second user, and

wherein in a second mode, the first multi-level network security device comprises an
encryptor configured to encrypt said message and send said encrypted message to a second
multi-level network security device, and wherein in said second mode the second multi-level network
security device comprises a decryptor configured to decrypt the message and send said decrypted
message from said second multi-level network security device to a third user selected from said
plurality of secured users.

2. (Original) The system of Claim 1, further comprising a third multi-level network
security device configured to intercept said encrypted message, validate a signature of said first
multi-level network security interface, and send said encrypted message from said third
multi-level network security interface to said second multi-level network security interface.

3. (Original) The system of Claim 1, wherein each multi-level network security device is
configured to use association establishment messages for authenticating other multi-level
network security interfaces.

4. (Original) The system of Claim 1, wherein each multi-level network security device is
configured to use association establishment messages for exchanging security parameters
between said multi-level network security interfaces.

5. (Currently Amended) A system for mixed enclave communications over a network
having both secured and unsecured users, the system comprising:

a network security device configured to permit communication over the network
between one of said secured users and one of said unsecured users, and further configured
to dynamically determine whether a user initiating communication is one of said secured
users or one of said unsecured users; and

a control module operationally coupled to said network security device, the
control module being configured to control passage of information between said one of
said secured users and said one of said unsecured users to secure information residing
with said one of said secured users against transfer to said one of said unsecured users
when not permissible, wherein the network security device is configured to use
association establishment messages sent over the network for said secured users in
authenticating each other.

6. (Original) The system of Claim 5, wherein the network security device is configured
to examine Internet Protocol (IP) addresses for identifying the secured and unsecured users.

7. (Canceled).

8. (Original) The system of Claim 5, wherein the network security device is configured
to use association establishment messages for the secured users exchanging security parameters.

9. (Original) The system of Claim 5, wherein the network security device comprises an
encryptor configured to encrypt information residing with one of the secured users.

10. (Previously presented) An apparatus for providing multi-level security in a computer
network having a plurality of users and at least one relatively secure portion relative to at least
one relatively unsecure portion of the network, the apparatus comprising:

a network security device configured to intercept a message transmitted between
said at least one secure and said at least one unsecure portions of said network, and
further configured to determine whether transmission of said intercepted message violates
network security parameters;

an encryptor configured to encrypt said intercepted message if said intercepted
message:

originates from a first secure portion of said network,

is destined for a second secure portion of said network, and

wherein said computer network is configured so that said intercepted
message traverses an unsecure portion of said network to reach said second secure
portion of said network; and

if said network security device determines that said intercepted message violates
said network security parameters:

in a first mode, the network security device is configured to transmit said
intercepted message; and

in a second mode, the network security device is configured to transmit
said encrypted intercepted message.

11. (Original) The apparatus of Claim 5, wherein the network security device is further
configured to select the types of messages that are permissible.

12. (Original) The apparatus of Claim 5, wherein the network security device is further
configured to examine Internet protocol (IP) addresses for identifying the source and destination
of said message.

13. (Original) The apparatus of Claim 12, wherein the network security device is further
configured to use association establishment messages for allowing those users which reside in
said at least one secure portion of said network to authenticate other users residing in other
secure portions of said network.

14. (Original) The apparatus of Claim 13, wherein said association establishment
messages comprise security parameters.

15. (Original) The apparatus of Claim 13, further comprising a host configured to utilize a
message intended to evoke a response from a destination user selected from said plurality of
users and intended to receive said message to determine whether said destination user resides in
the same portion of the network as a source user selected from said plurality which sent said
message.

16. (Original) The apparatus of Claim 15, wherein said message intended to evoke a
response from said destination user comprises a message which evokes a response only if said
destination user and source user reside in the same portion of said network.

17. (Original) The apparatus of Claim 5, further comprising a waiting queue configured to
queue passage of information.

18. (Original) The apparatus of Claim 5, wherein the network security device is
configured to create an entry in an association table indicative of the source of a received
message.

19. (Original) The apparatus of Claim 18, wherein the network security device is
configured to compare the message destination's security level to that of the source of said
intercepted message, so as to determine if said intercepted message may proceed.

20. (Previously presented) The apparatus of Claim 19, wherein the network security
device is configured to release said intercepted message if the message destination's security
level is higher than that of the source.

21. (Previously presented) The apparatus of Claim 19, wherein the network security
device is configured to communicate the message between the message source and destination if
the message destination's security level is equivalent to that of the source.

22. (Previously presented) The apparatus of Claim 19, wherein the network security
device is configured to prohibit release of said message when the message destination's security
level is lower than that of the source unless said message is predicted.

23. (Previously presented) An apparatus for communicating over a network having a
plurality of secured users utilizing multi-level network security devices and a plurality of
unsecured users, the apparatus comprising:

a first network security device configured to control the transmission of a message
from a first user to a second user, wherein

in the event that either (a) the first user is a secured user and the second user is an
unsecured user, or (b) the first user is an unsecured user and the second user is a secured
user, the first network security device is configured to intercept a message sent by the first
user, determine whether transmission of said message breaches network security
parameters, and transmit said message to said second user if transmission of said message
does not breach network security parameters, and

in the event that both the first and second users are secured users, the first network
security device is configured to
intercept the message sent by the first user,
determine whether transmission of said message breaches network security parameters,
encrypt said message,
transmit said encrypted message to a second network security device utilized by said
second user if transmission of said message does not breach network security parameters, and
the second network security device is configured to decrypt said encrypted message and
transmit said decrypted message to the second user.

24. (Original) The apparatus of Claim 23, wherein the first network security device is
configured to compare the message destination's security level to that of the source of said
intercepted message.

25. (Original) The apparatus of Claim 24, wherein:

when the message destination's security level is higher than that of the source, the
intercepted message is permissible to be released;

when the message destination's security level is equivalent to that of the source,
information transfers between the source and destination; and

when the message destination's security level is lower than that of the source, the
intercepted message is not permissible to be released, unless said message is predicted.

26. (Previously Presented) The apparatus of Claim 22, wherein said message is
predicted if another message is first received by the source from the destination.

27. (Previously Presented) The apparatus of Claim 22, wherein said message is
predicted if said message responds to another message from the destination.
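The release rule of claims 19-22 and 25-27, together with the association table of claim 18, as an added Python simulation; this is not code from the patent or its applicant, and the level ordering, IP addresses and message exchange are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}  # constructed level ordering

@dataclass(frozen=True)
class Message:
    src: str                           # source IP address (constructed sample values)
    dst: str                           # destination IP address
    msg_id: int = 0
    in_reply_to: Optional[int] = None  # id of the earlier message this one answers, if any

@dataclass
class SecurityDevice:
    level_of: Dict[str, str]           # IP address -> security level label
    # association table (claim 18): source IP -> destinations it has already sent to
    associations: Dict[str, Set[str]] = field(default_factory=dict)
    released: Dict[int, Message] = field(default_factory=dict)  # released messages by id

    def is_predicted(self, msg: Message) -> bool:
        # claim 26: the destination has already sent a message to this source
        if msg.src in self.associations.get(msg.dst, set()):
            return True
        # claim 27: this message answers a specific released message from the destination
        prior = self.released.get(msg.in_reply_to)
        return prior is not None and prior.src == msg.dst and prior.dst == msg.src

    def decide(self, msg: Message) -> Tuple[bool, str]:
        """Return (released, reason) for an intercepted message; records releases."""
        src_level, dst_level = LEVELS[self.level_of[msg.src]], LEVELS[self.level_of[msg.dst]]
        if dst_level > src_level:
            verdict = (True, "destination level higher: release")            # claims 20, 25
        elif dst_level == src_level:
            verdict = (True, "levels equivalent: communicate")                # claims 21, 25
        elif self.is_predicted(msg):
            verdict = (True, "destination lower but message predicted")      # claims 22, 26, 27
        else:
            verdict = (False, "destination lower and not predicted: prohibit")  # claim 22
        if verdict[0]:
            self.associations.setdefault(msg.src, set()).add(msg.dst)
            self.released[msg.msg_id] = msg
        return verdict

def run_demo():
    """Walk a constructed exchange through the device; returns the release verdicts in order."""
    dev = SecurityDevice(level_of={"192.0.2.7": "unclassified", "10.0.0.5": "secret",
                                   "10.0.0.9": "confidential", "10.0.0.6": "confidential"})
    msgs = [
        Message("192.0.2.7", "10.0.0.5", 1),                 # low -> high: released
        Message("10.0.0.5", "10.0.0.9", 2),                  # high -> lower, unsolicited: blocked
        Message("10.0.0.5", "192.0.2.7", 3, in_reply_to=1),  # answers message 1: predicted
        Message("10.0.0.9", "10.0.0.6", 4),                  # equal levels: released
        Message("10.0.0.9", "192.0.2.7", 5),                 # high -> lower, unsolicited: blocked
    ]
    return [dev.decide(m)[0] for m in msgs]
```

Note that a high-to-low message is only released once the association table shows prior traffic from the lower destination, so an unsolicited downward message is blocked even when it is marked as a reply to an unknown message id.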

28. (Currently Amended) An apparatus for communicating over a network having a
plurality of secured users utilizing multi-level network security devices and a plurality of
unsecured users, the apparatus comprising:

a multi-level network security device configured to:

intercept a message from a source to a destination;

determine a first security parameter associated with the source;

determine a second security parameter associated with the destination;

wherein the device is configured to send association establishment messages over
the network to determine at least one of the first or second security parameters;

identify a security policy based on the first and second security parameter;
determine whether said message complies with said security policy; and
transmit said message to the destination if said message complies with said
security policy.

29. (Currently Amended) The system of Claim 34 28, wherein the system further
comprises an encryptor configured to encrypt said message if so specified by said security policy.

30. (Currently Amended) The system of Claim 34 28, wherein the first security
parameter identifies the source as one of a secured or unsecured user.

31. (Currently Amended) The system of Claim 34 28, wherein the second security
parameter identifies the destination as a secured or unsecured user.

32. (Currently Amended) The system of Claim 34 28, wherein at least one of the first
or second security parameters identifies a classification level of data.

33. (Currently Amended) The system of Claim 34 wherein the multi-level
network security device is configured to inhibit covert channel use.

34. (Previously presented) The system of Claim 33, wherein the multi-level network
security device is configured to limit the rate of data transfer between a secure source and an
insecure destination to a covert channel rate.

35. (Currently Amended) The system of Claim 34 28, wherein the multi-level
network security device is configured to inhibit denial of service attacks.

36. (Currently Amended) The system of Claim 34 28, wherein the multi-level
network security device is configured to inhibit denial of service attacks.

37. (Canceled).

38. (Currently Amended) A method for mixed enclave communications over a network
including both secured and unsecured users, said method comprising:

permitting communications over the network between one of said secured users
and one of said unsecured users;

discovering dynamically using messages sent over the network by said secured
user whether a user initiating communications is one of said secured users or one of said
unsecured users;

controlling passage of information between said one of said secured users and said
one of said unsecured users for securing given information residing with said one of said
secured users against transference to said one of said unsecured users when not
permissible; and

inhibiting covert channel use.

39. (Previously presented) The method of Claim 38, wherein inhibiting covert channel
use comprises limiting the rate of data transfer between a secure source and an insecure
destination to a covert channel rate.

40. (Previously presented) The method of Claim 38, wherein permitting
communication comprises permitting Internet Protocol communications.

41. (Previously presented) The method of Claim 40, wherein inhibiting covert channel
use comprises detecting dialog sequence errors.

42. (Previously presented) The method of Claim 38, wherein discovering includes
using Internet Protocol (IP) addresses for identifying the secured and unsecured users.

43. (Previously presented) The method of Claim 38, wherein discovering includes
using association establishment messages for said secured users authenticating each other.

44. (Previously presented) The method of Claim 38, wherein discovering includes
using association establishment messages for the secured users exchanging security parameters.

45. (Previously presented) The method of Claim 38, wherein for communications
between one of the secured users and one of the unsecured users, the secured user employs a
waiting queue to influence passage of information.

46. (Previously presented) The method of Claim 38, wherein controlling passage of
information comprises:

determining when one of the secured users receives initial information from one
of the unsecured users that is not already established; and

creating an entry in an association table indicative of at least the unsecured user's
IP address and association type.

47. (Previously presented) The method of Claim 46, wherein controlling passage of
information comprises further comparing a security level of the one of the secured users to that of
the unsecured user for determining if information to the unsecured user can be allowed to
proceed.

48. (Currently Amended) A method for mixed enclave communications over a
network including both secured and unsecured users, said method comprising:

permitting communications over the network between one of said secured users
and one of said unsecured users;

discovering dynamically using messages sent over the network by said secured
user whether a user initiating communications is one of said secured users or one of said
unsecured users;

controlling passage of information between said one of said secured users and said
one of said unsecured users for securing given information residing with said one of said
secured users against transference to said one of said unsecured users when not
permissible; and

inhibiting denial of service attacks.

49. (Previously presented) The method of Claim 48, wherein inhibiting denial of
service attacks comprises detecting lack of activity on a machine associated with one of said
secured or unsecured users and blocking communications from said machine.

50. (Previously presented) The method of Claim 48, wherein inhibiting denial of
service attacks comprises detecting data corruption exceeding a predetermined threshold in
communications from one of said secured or unsecured users and blocking communications from
said user.

51. (Previously presented) The method of Claim 48, wherein inhibiting denial of
service attacks comprises detecting unauthorized access by one of said secured or unsecured
users and blocking communications from said one of said secured and unsecured users.

52. (Previously presented) The method of Claim 48, wherein permitting
communication comprises permitting Internet Protocol communications.

53. (Previously presented) The method of Claim 48, wherein discovering includes
using Internet Protocol (IP) addresses for identifying the secured and unsecured users.

54. (Previously presented) The method of Claim 48, wherein discovering includes
using association establishment messages for said secured users authenticating each other.

55. (Previously presented) The method of Claim 48, wherein discovering includes
using association establishment messages for the secured users exchanging security parameters.

56. (Previously presented) The method of Claim 48, wherein for communications
between one of the secured users and one of the unsecured users, the secured user employs a
waiting queue to influence passage of information.

57. (Previously presented) The method of Claim 48, wherein controlling passage of
information comprises:

determining when one of the secured users receives initial information from one
of the unsecured users that is not already established; and

creating an entry in an association table indicative of at least the unsecured user's
IP address and association type.

58. (Previously presented) The method of Claim 57, wherein controlling passage of
information comprises further comparing a security level of the one of the secured users to that of
the unsecured user for determining if information to the unsecured user can be allowed to
proceed.

59. (Previously presented) The method of Claim 58, wherein inhibiting denial of
service attacks comprises detecting an unauthorized level of the unsecured user and blocking
communications from said unsecured user.